CVE-2014-8587

Published Nov 4, 2014

Last updated a month ago

CVSS info 7.5

Overview

Description
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
Source
cve@mitre.org
NVD status
Modified
Products
commoncryptolib, sapcryptolib, sapseculib, hana, netweaver

Risk scores

CVSS 2.0

Type
Primary
Base score
7.5
Impact score
6.4
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-310

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic execution, potentially causing a denial of service. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.CVE-2026-23685
  2. SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.CVE-2025-42968
  3. SAP NetWeaver Deserialization VulnerabilityCVE-2025-42999
  4. SAP NetWeaver Unrestricted File Upload VulnerabilityCVE-2025-31324
  5. SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. CVE-2024-27898

References

Sources include official advisories and independent security research.